tommoor / emojione-picker

A react emoji picker for use with emojione
http://tommoor.github.io/emojione-picker
MIT License
261 stars 61 forks

Support Content Security Policy #68

Closed akihikodaki closed 7 years ago

akihikodaki commented 7 years ago

The Content Security Policy specification describes it as follows:

This document defines Content Security Policy, a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS).

To apply Content Security Policy, we need to set a nonce on the style element appended by react-virtualized. I have made a change for react-virtualized. (https://github.com/bvaughn/react-virtualized/pull/663)

emojione-picker also needs to be altered to correspond to the change. I have also finished creating a change for emojione-picker, fcb244dc2f0fe82a5136501171c828c7332c4b4b, but we may wait for a new version of react-virtualized that includes its Content Security Policy support.
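
Added example, not part of the thread and not code from emojione-picker or react-virtualized: a simplified JavaScript model of how a style-src policy carrying a nonce treats an inline style element, which shows why a style element injected by a library without that nonce is refused. The function names (newNonce, buildPolicy, parsePolicy, inlineStyleAllowed) are hypothetical, and hash sources and style-src-elem are left out of the model.

```javascript
const { randomBytes } = require('crypto');

// One fresh, unguessable nonce per HTTP response; never reuse it across responses.
function newNonce() {
  return randomBytes(16).toString('base64');
}

// Header value that permits only inline <style> elements carrying this response's nonce.
function buildPolicy(nonce) {
  return `default-src 'self'; style-src 'self' 'nonce-${nonce}'`;
}

// Parse a policy string into { directive-name: [source expressions] }.
function parsePolicy(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !(name.toLowerCase() in directives)) {
      directives[name.toLowerCase()] = sources;
    }
  }
  return directives;
}

// Simplified browser decision for an inline <style> element (nonce and 'unsafe-inline' only).
function inlineStyleAllowed(policy, elementNonce) {
  const d = parsePolicy(policy);
  const sources = d['style-src'] ?? d['default-src'];
  if (sources === undefined) return true; // no directive governs styles
  // The nonce comparison is exact; an absent or empty nonce attribute never matches.
  if (elementNonce && sources.includes(`'nonce-${elementNonce}'`)) return true;
  // 'unsafe-inline' is ignored as soon as any nonce or hash source is present.
  const hasNonceOrHash = sources.some((s) => /^'(nonce|sha(256|384|512))-/i.test(s));
  return !hasNonceOrHash && sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
}

// Constructed demonstration: the same policy, with and without the nonce on the element.
const demoNonce = newNonce();
const demoPolicy = buildPolicy(demoNonce);
console.log('Content-Security-Policy:', demoPolicy);
console.log('style element without nonce allowed:', inlineStyleAllowed(demoPolicy, undefined));
console.log('style element with nonce allowed:   ', inlineStyleAllowed(demoPolicy, demoNonce));
```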

tommoor commented 7 years ago

It seems like this is tied to https://github.com/tommoor/emojione-picker/issues/67 - perhaps both changes could be made at the same time?

akihikodaki commented 7 years ago

Yes, just by replacing the change to package.json and yarn.lock in commit fcb244dc2f0fe82a5136501171c828c7332c4b4b. I will make a pull request soon.

tommoor commented 7 years ago

closed in d13681972c7d2b10edd9e74b7766f22cbed7a090